The Dark Mod Forums

Installer detected as being infected


Stauf


I've had this bookmarked for some time now, and finally got around to installing TDM. AVG is alerting that tdm_installer.exe is infected with "IDP.Generic".  I don't know if this is a hiccup from AVG or if I should take this seriously.


This is happening all over the place to a lot of homebrew software. If people say "just ignore it, it's a false-positive", as true as that may be, it doesn't solve the problem. The "heuristics" have become tuned to "whatever tries to save a highscore table to an INI file", else "has the Microsoft blessings so let the ransomware fly free". That sounds like a contradiction, but it isn't. This is business, after all.

There are a couple of solutions.  
 - An army of us send out reports of false-positive claims to all of these AV vendors and/or Microsoft themselves, and hope they accidentally see it.
 - TDM team scrapes their pockets and PAYS them to be flagged as safe, potentially acquiring certification from Microsoft, which is essentially the same as the first option, requiring fewer people but should be (in theory) streamlined.
 - Refactoring the installer and going around and around in circles trying to make all the major AV vendors happy, which is likely not possible.

What can't be done is:-
 - Floating in through the window like Wrinkly Kong's ghost and whispering to each user how the installer is safe and it's just a false-positive, just a false-positive...

What is likely to happen:-
 - We all say it's a false-positive, and we'd be correct, but nothing ever gets fixed and the problem never goes away.  We say it's the AV's fault and hope all future users will stumble across this forum thread.

Edited by LDAsh

IDP.Generic is just AVG thinking that the installer is doing something that kinda looks like malware, but doesn't match anything specific in its database. Basically it's a hiccup from AVG being overzealous in its detection methods, since "looking like malware" can cover a wide array of software installer packages. But as @LDAsh said, a lot of them pay for certification so that such AV (along with Microsoft's stuff) doesn't flag them.

I'd recommend going here and submitting a false positive form, since it will help others using AVG as well:

https://www.avg.com/en-ww/false-positive-file-form


A word of warning, Agent Denton. This was a simulated experience; real LAMs will not be so forgiving.


With Panda Cloud Cleaner 2.10 (real-time analysis with information in the cloud) it is clean. But I found some information about this supposed Trojan, which is probably a false positive from the bad heuristic analysis of Ad Aware and MaxSecure:

https://andisearch.com/?query=Trojan.Malware.300983.susgen

Keep Calm. No Panic (yet)

Edited by Zerg Rush

Sys Specs Laptop Lenovo V145 15AST, AMD A9- 9425 Radeon R5 - 5 cores 3,1 GHz  RAM 8Gb, GPU 1+2 Gb -Win10 64 v21H2

Favorite online apps you may like too 😉


Windows often reacts somewhat hysterically if exe files are downloaded, with some pop ups predicting the end of the world, even if they are trusted files. In some AV something similar happens.
For this reason, when in doubt, I use Panda, it has never betrayed me, I always had a 100% detection rate. They invented this Cloud Scanning thing, which is now used by many others.


2 hours ago, Zerg Rush said:

Windows often reacts somewhat hysterically if exe files are downloaded, with some pop ups predicting the end of the world, even if they are trusted files.

If you mean the Windows Smart Screen, it works in a very simple way: files which are not known to the filter are flagged as suspicious, and it warns the user against executing them. That's all there is to it really. You can happily click on "More info", and "Allow" after that every time.

I'd rather upload the file to VirusTotal, as @stgatilov wrote above, because that will run the file through many, many antivirus engines, and, if that says it's clean, or if only 1 or 2 or 3 engines detect something (a false positive in that case), then it is clean.

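One way to apply chakkman's rule of thumb in code, as an added example that is not from the forum thread or the TDM project: it assumes a report in the shape of VirusTotal's API v3 `last_analysis_results` object (engine name to `category`/`result`), uses invented engine names, and quotes only the two detection names that appear in the thread. It tightens the rule slightly: a small number of hits counts as a likely false positive only when every hit is a generic or heuristic name.

```python
import re
from dataclasses import dataclass

# Substrings typical of heuristic, machine-learning or generic detection names
# (as opposed to a match on a known malware family).  Such hits are "weak".
GENERIC_MARKERS = re.compile(r"generic|heur|susgen|\bidp\b|\bml\b|suspicious", re.I)

# VirusTotal v3 categories that mean "the engine scanned the file and voted";
# type-unsupported, timeout and failure are not votes either way.
VOTING = {"malicious", "suspicious", "undetected", "harmless"}
POSITIVE = {"malicious", "suspicious"}


@dataclass
class Triage:
    engines: int    # engines that produced a real verdict
    positives: int  # engines that flagged the file
    generic: int    # of those, how many used a generic/heuristic name
    verdict: str    # "clean", "likely-false-positive" or "needs-review"


def triage(results: dict, fp_threshold: int = 3) -> Triage:
    """Apply the thread's rule of thumb to a last_analysis_results-style dict:
    no hits is clean; a few hits, all with generic names, is most likely a
    false positive; anything else deserves a closer look before running it."""
    voters = {e: r for e, r in results.items() if r.get("category") in VOTING}
    hits = {e: r for e, r in voters.items() if r["category"] in POSITIVE}
    generic = sum(1 for r in hits.values()
                  if GENERIC_MARKERS.search(r.get("result") or ""))
    if not hits:
        verdict = "clean"
    elif len(hits) <= fp_threshold and generic == len(hits):
        verdict = "likely-false-positive"
    else:
        verdict = "needs-review"
    return Triage(len(voters), len(hits), generic, verdict)


# Constructed sample report for an installer like the one in the thread;
# engine names are invented, the two detection names are quoted from the thread.
SAMPLE_REPORT = {
    "EngineA": {"category": "malicious", "result": "IDP.Generic"},
    "EngineB": {"category": "malicious", "result": "Trojan.Malware.300983.susgen"},
    "EngineC": {"category": "undetected", "result": None},
    "EngineD": {"category": "undetected", "result": None},
    "EngineE": {"category": "type-unsupported", "result": None},
}

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```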

2 hours ago, chakkman said:

If you mean the Windows Smart Screen, it works in a very simple way: files which are not known to the filter are flagged as suspicious, and it warns the user against executing them. That's all there is to it really. You can happily click on "More info", and "Allow" after that every time.

I'd rather upload the file to VirusTotal, as @stgatilov wrote above, because that will run the file through many, many antivirus engines, and, if that says it's clean, or if only 1 or 2 or 3 engines detect something (a false positive in that case), then it is clean.

I know all this well, I even have a VT extension, I also use Blacklight and Unfurl to check a site, but after this (you see, even VT has false positives, the reason for this thread), I also use Panda, it hasn't had such, never had, in all the years I have used it (Panda Dome free AV in earlier Windows, until 7, and now the standalone scanner in W10 apart from Defender, for occasional use). On mobile BitDefender is better, somewhat lighter than Panda, because G Play Protect is a placebo (less than 70% detection rate).

Edited by Zerg Rush


VirusTotal has false positives, because some of the used antiviruses report a false positive.

Sometimes it's as ridiculous as part of the file name... some years ago, I had a file with "Virus" something in the file name, and it was flagged by some antiviruses on VirusTotal because of that.

No software is perfect.


Because of this, good AVs use heuristic detection, based on the behavior of the file in a test environment, apart from one based on a list with the script of the badware. The latter method was used by AVs with locally stored databases, which they had to update every few days, until Panda some years ago used a DB in the cloud, updated in real time, every 6 minutes. This made the AV much faster, lightweight and efficient. Now most good AVs use this system, even Windows Defender; with this they avoid almost all false positives.

Obviously not everyone who uses VT uses this system, relying on their own lists that may be outdated or using only a rudimentary heuristic system.
It is always good to have different verification systems, like this one, in case of doubt, which as a general rule in VT is only indicated if there are several AVs giving the alarm and not just one.

Generally the security system of current Windows is pretty good, between Defender and the sandbox system it has, which prevents malware from affecting system files; it protects even against rootkits. Anyway it is a good idea to have a scanner, like Panda Cloud Cleaner or AdwCleaner, at hand, to eliminate any PUPs, hijackers or such, which sometimes aren't seen by Defender.

Edited by Zerg Rush

